CVE-2023-49978

HIGH

Customer Support System v1 - Improper Access Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49978. PoCs published by geraldoalcantara.

AI-analyzed exploit summary The repository provides a detailed technical description of an incorrect access control vulnerability in Customer Support System 1.0, allowing non-administrator users to access administrative pages and perform privileged actions. It includes specific URLs and actions that can be exploited, but lacks functional exploit code.

Description

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.

Exploits (1)

nomisec WRITEUP
by geraldoalcantara · poc
https://github.com/geraldoalcantara/CVE-2023-49978

The repository provides a detailed technical description of an incorrect access control vulnerability in Customer Support System 1.0, allowing non-administrator users to access administrative pages and perform privileged actions. It includes specific URLs and actions that can be exploited, but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Customer Support System 1.0
Auth required
Prerequisites: Low-privilege user account
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0083
EPSS Percentile 52.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (1)
oretnom23/customer_support_system 1.0
Published Mar 21, 2024
Tracked Since Feb 18, 2026